When adding a proxy entry to the server configuration or modifying
an existing entry, you must supply values for the proxy attributes
through the Server Manager’s Proxy Attributes Screen.

To add a new proxy, or modify an existing proxy, complete
the following steps:

1. From the navigation tree, click Proxies, and then click New Proxy if you are creating a new proxy. If you are modifying an existing proxy, select the proxy you want to modify. The Proxy Attributes screen appears as shown in Figure 8-3 “Server Manager’s Proxy Attributes Screen”.
2. Fill in the form on the Proxy Attributes screen according to the information given in Table 8-1 “Proxy Configuration Options”.

Table 8-1 Proxy Configuration Options

| Option | Function |
|---|---|
| Name | Enter the network location of the proxy server. The name can be an IPv4 address (in dotted-quad notation), an IPv6 address (in colon-separated notation), a valid fully qualified DNS name, or an IP (IPv4 or IPv6) address that contains a wildcard pattern. When specifying Name as a DNS host name, you must use the name returned by the hostname command. |
| Shared Secret | Enter the shared secret held between the two authentication servers. The shared secret must be less than 255 characters. A request from a forwarding server for which the remote server does not have a shared secret will not be authenticated. |
| Confirm Shared Secret | Enter the shared secret once more to confirm it. |
| Vendor | Enter the vendor-specific attributes to be returned to the proxy server in a reply. Select Generic (the default) if you do not want any vendor-specific attributes to be returned. You can make multiple selections by holding down the Control key as you select vendor names. |
| Response Options | Select any of the check boxes to specify additional message-handling options. The valid options are RAD_RFC, ACCT_RFC, CHECK_ALL, and PRUNE, described after this table. |

The following Response Options are valid:

- RAD_RFC: Verifies that the Access-Request conforms with the RADIUS RFC. Nonconforming messages are dropped.
- ACCT_RFC: Verifies that the Accounting-Request conforms with the Accounting RFC. Nonconforming messages are dropped.
- CHECK_ALL: Checks all attributes to determine if the request is a duplicate (for messages from a proxy server). This occurs if the remote server sends nonstandard messages that are not easily detected as duplicates.
- PRUNE: Forces pruning as if the response is being returned to an access device. When this option is checked, the Generic vendor prunes all vendor-specific attributes before a message is returned to the proxy server. This can be used to help prevent problems that might occur if an unencapsulated vendor attribute is not correctly mapped in the vendors file. The server prunes vendor-specific attributes for a given vendor if that vendor is not properly defined in the vendors file, and its attributes are not properly defined in the dictionary file.

IMPORTANT: If you have specified the Prune response option for the proxy server and the HP-UX AAA server is using the MS-CHAP protocol for authentication, you must select Microsoft as one of the vendors.

3. If you are adding a new proxy entry, click Create to submit the new proxy to the Server Manager. If you are modifying an existing entry, click Modify to submit changes made to the proxy entry to the Server Manager. Click Cancel to return to the Proxy screen without making any changes to your server configuration.
4. From the navigation tree, click Save Configuration.
5. On the Save Configuration screen that appears, click Save.

NOTE: Clicking Save saves the entire server configuration
(access devices, proxies, local realms, users, and server properties)
to the servers you specify.
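
The interaction between the PRUNE response option and the Microsoft vendor selection in Table 8-1, shown as an added Python example that is not HP-UX AAA server code. It assumes pruning drops every Vendor-Specific attribute (type 26) whose vendor is not selected, and checks whether the MS-CHAP2-Success attribute (Microsoft vendor 311, RFC 2548) survives; the sample reply and vendor 99999 are constructed.

```python
import struct

VENDOR_SPECIFIC = 26    # RADIUS attribute type carrying VSAs (RFC 2865)
MICROSOFT = 311         # Microsoft enterprise number (RFC 2548)
MS_CHAP2_SUCCESS = 26   # vendor type inside vendor 311 (RFC 2548)

def parse_attrs(buf):
    """Split a RADIUS attribute section into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[i], buf[i + 1]
        if alen < 2 or i + alen > len(buf):
            raise ValueError("bad attribute length")
        attrs.append((atype, buf[i + 2:i + alen]))
        i += alen
    return attrs

def vendor_id(value):
    """Enterprise number: first four octets of a VSA value, big endian."""
    if len(value) < 4:
        raise ValueError("VSA shorter than its vendor id")
    return struct.unpack("!I", value[:4])[0]

def prune(attrs, selected_vendors):
    """Assumed model of PRUNE: keep a VSA only if its vendor is selected."""
    return [(t, v) for t, v in attrs
            if t != VENDOR_SPECIFIC or vendor_id(v) in selected_vendors]

def has_ms_chap2_success(attrs):
    """True if the reply still carries the MS-CHAP2-Success VSA."""
    return any(t == VENDOR_SPECIFIC and vendor_id(v) == MICROSOFT
               and len(v) >= 5 and v[4] == MS_CHAP2_SUCCESS for t, v in attrs)

def vsa(vendor, vtype, data):
    """Helper that builds one VSA for the constructed sample."""
    body = struct.pack("!IBB", vendor, vtype, len(data) + 2) + data
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

# Constructed reply: Reply-Message (18), MS-CHAP2-Success, and a VSA from
# an arbitrary vendor id (99999) standing in for an unmapped vendor.
SAMPLE = (bytes([18, 4]) + b"ok"
          + vsa(MICROSOFT, MS_CHAP2_SUCCESS, b"\x01S=" + b"A" * 40)
          + vsa(99999, 1, b"x"))

def demo():
    attrs = parse_attrs(SAMPLE)
    generic_only = prune(attrs, set())       # PRUNE with Generic only
    with_ms = prune(attrs, {MICROSOFT})      # PRUNE with Microsoft selected
    return (has_ms_chap2_success(generic_only),
            has_ms_chap2_success(with_ms), len(with_ms))
```

With only Generic selected the MS-CHAP2-Success attribute is removed from the reply, which is the failure the IMPORTANT note guards against.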
Forwarding Authentication Requests From a Proxy Server

To forward authentication requests from a proxy server, complete
the following steps:

1. Follow the steps listed in “Creating or Modifying a Proxy”.
2. In the Proxy Configuration Form, configure the options described in Table 8-2 “Options for Forwarding Requests”.

Table 8-2 Options for Forwarding Requests

| Option | Description |
|---|---|
| Realms to forward | All requests originating from the realm listed in this drop-down list will be forwarded to the remote server. To add a realm to the list, select Add Realm from the list. To modify or delete a listed realm, select the realm name from the drop-down list. When you add or modify a realm, you specify the realm's name and whether its accounting messages should be forwarded to the remote server. |
| Authentication relay port | This port number value overrides the server's startup switches that specify the UDP port used to relay authentication requests. The default (when no value is entered in this field and no startup switch is specified) is 1812. |
| Accounting relay port | This port number value overrides the server's startup switches that specify the UDP port used to relay accounting requests. The default (when no value is entered in this field and no startup switch is specified) is 1813. |
| Append Attributes | When receiving a response from a remote server, Yes will instruct the server to append all the forwarded A-V pairs to new A-V pairs included in the response. This setting is useful when a remote server does not return all of the A-V pairs that it received. |

3. Click Create.
4. From the Navigation pane, click Save Configuration.
5. On the Save Configuration screen that appears, click Save.

CAUTION: Clicking Save saves the entire server configuration
(access devices, proxies, local realms, users, and server properties)
to the servers you specify.
Forwarding Authentication Requests to a Remote Server

To forward authentication requests to a remote server, complete
the following steps:

1. Follow the steps listed in “Creating or Modifying a Proxy”.
2. In the Realms to Forward field, select the Add Realms option.
3. Complete the Proxy Realm screen that appears by entering the name of the realm, and clicking the Yes checkbox.
4. On the Proxy Realm screen, click Save.
5. Repeat steps 2 to 4 for each realm that must be forwarded to the remote server. To remove a realm that has been added, select the realm name from the Realms to forward drop-down list and click Delete.
6. Complete the remaining fields if necessary.
7. Click Create.
8. From the navigation tree, click Save Configuration.
9. On the Save Configuration screen that appears, click Save.

NOTE: Clicking Save saves the entire server configuration
(access devices, proxies, local realms, users, and server properties)
to the servers you specify.